const express = require('express');
const {
  getUsers,
  getUserById,
  updateUser,
  changePassword,
  deleteUser,
  getProfile,
  updateProfile,
  getUserStats
} = require('../controllers/userController');
const { protect, authorize } = require('../middleware/authMiddleware');
const {
  validateUpdateProfile,
  validateChangePassword
} = require('../middleware/validationMiddleware');

const router = express.Router();

// 所有路由都需要认证
router.use(protect);

// 用户个人资料路由
router.route('/profile')
  .get(getProfile)
  .put(validateUpdateProfile, updateProfile);

// 管理员专用路由
router.get('/stats', authorize('admin'), getUserStats);
router.get('/', authorize('admin'), getUsers);

// 用户管理路由
router.route('/:id')
  .get(authorize('admin'), getUserById)
  .put(validateUpdateProfile, updateUser)
  .delete(authorize('admin'), deleteUser);

// 密码修改路由
router.put('/:id/password', validateChangePassword, changePassword);

module.exports = router;